
Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-22842 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a SIP profile is configured on a Message Routing type virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.

CVE-2023-22323 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an OCSP authentication profile is configured on a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an increase in CPU resource utilization, resulting in a denial of service condition.

CVE-2023-22281 CVSS:7.5

F5 BIG-IP (AFM) is vulnerable to a denial of service, caused by a flaw when a NAT policy with a destination NAT rule is configured on a FastL4 virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.

CVE-2023-22422 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by an HTTP profile vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2023-22358 CVSS:6.6

F5 BIG-IP (APM) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper loading of Dynamic Link Libraries by the installer. By using a specially crafted .DLL file, an authenticated attacker could exploit this vulnerability to gain administrative privileges.

CVE-2023-22664 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.

CVE-2023-22340 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a SIP profile is configured on a Message Routing type virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause TMM to terminate, resulting in a denial of service condition.

CVE-2023-22341 CVSS:7.5

F5 BIG-IP (APM) is vulnerable to a denial of service, caused by a flaw in the OAuth profile configurations. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.

CVE-2023-23555 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw in BIG-IP Virtual Edition. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2023-23552 CVSS:7.5

F5 BIG-IP (ASM) is vulnerable to a denial of service, caused by a flaw when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.

CVE-2023-22374 CVSS:7.5

F5 BIG-IP could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a format string flaw in iControl SOAP. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or crash the iControl SOAP CGI process on the system.

Impact

  • Code Execution
  • Privilege Escalation
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2023-22842
  • CVE-2023-22323
  • CVE-2023-22281
  • CVE-2023-22422
  • CVE-2023-22358
  • CVE-2023-22664
  • CVE-2023-22340
  • CVE-2023-22341
  • CVE-2023-23555
  • CVE-2023-23552
  • CVE-2023-22374

Affected Vendors

F5

Affected Products

  • F5 BIG-IP 14.1.0
  • F5 BIG-IP 13.1.0
  • F5 BIG-IP (AFM) 15.1.0
  • F5 BIG-IP (AFM) 14.1.0
  • F5 BIG-IP (AFM) 13.1.0
  • F5 BIG-IP 15.1.0
  • F5 BIG-IP 16.1.0
  • F5 BIG-IP (AFM) 16.1.0
  • F5 BIG-IP 13.1.5
  • F5 BIG-IP 16.1.3
  • F5 BIG-IP 14.1.5
  • F5 BIG-IP 17.0.0
  • F5 BIG-IP (AFM) 16.1.3
  • F5 BIG-IP 15.1.8
  • F5 BIG-IP (AFM) 17.0.0
  • F5 BIG-IP (AFM) 15.1.7
  • F5 BIG-IP (AFM) 14.1.5
  • F5 BIG-IP (AFM) 13.1.5
  • F5 BIG-IP SPK 1.6.0
  • F5 BIG-IP SPK 1.5
  • F5 BIG-IP 16.1.2.2
  • F5 BIG-IP 15.1.5.1
  • F5 BIG-IP 14.1.4.6

Remediation

Refer to the F5 Security Advisory for each CVE for patch, upgrade or suggested workaround information.

  • CVE-2023-22842
  • CVE-2023-22323
  • CVE-2023-22281
  • CVE-2023-22422
  • CVE-2023-22358
  • CVE-2023-22664
  • CVE-2023-22340
  • CVE-2023-22341
  • CVE-2023-23555
  • CVE-2023-23552
  • CVE-2023-22374